Tags: firewall, plesk, virtuozzo

Plesk firewall rule not working correctly


I've got a VPS running with PLESK (12.5). I've got the firewall (virtuozzo) running on PLESK.

Unfortunately my ISP only has dynamic IP, which forces me to open a CIDR range to get in PLESK, SSH and FTP.

This is my firewall config in PLESK: [image]

I've got 3 ranges: the first is from my workplace, the other two are ranges from my ISP. My current IP matches the first ISP range. Via my ISP I CAN get into SSH and FTP, but access is denied for the PLESK admin panel: "Error: Access for administrator from address '' is restricted in accordance with IP Access restriction policy currently applied." From my workplace I can enter the admin panel.

I have no idea why this isn't working? The rules are also correct in /usr/local/psa/var/modules/firewall/firewall-active.sh so plesk does write the config file.


Solution

  • This message: "Access for administrator from address" is from Plesk's "Administrator access restriction". It's a separate feature and does not take firewall rules into account:

    [Screenshot: Plesk restrict access policy]

    [Screenshot: Plesk restrict access admin]

    I've not found a CLI which controls these settings, but in the database there are:

    # mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e "select * from misc where param='access_policy'"
    +---------------+------+
    | param         | val  |
    +---------------+------+
    | access_policy | deny |
    +---------------+------+
    # mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e "select * from cp_access"
    +----+------+----------+-----------+
    | id | type | netaddr  | netmask   |
    +----+------+----------+-----------+
    |  4 | deny | 10.0.0.0 | 255.0.0.0 |
    +----+------+----------+-----------+
    

    "deny" policy means "Deny all except listed".
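
The following audit check is an added example, not part of the original answer and not Plesk's own code: it compares the ranges opened in the firewall with the panel's separate restriction list and reports the ranges that pass the firewall but would still be refused by the admin panel. Assumptions: rows are IPv4 `(netaddr, netmask)` pairs as in the `cp_access` output above, the per-row `type` column is ignored, an `allow` policy is taken to mean "allow all except listed", and the firewall ranges are constructed sample values.

```python
import ipaddress

# Constructed sample mirroring the answer's query output (IPv4 only).
ACCESS_POLICY = "deny"                      # misc row where param='access_policy'
CP_ACCESS = [("10.0.0.0", "255.0.0.0")]     # cp_access (netaddr, netmask)
# Constructed firewall ranges: one private range plus two documentation prefixes.
FIREWALL_RANGES = ["10.1.0.0/16", "203.0.113.0/24", "198.51.100.0/24"]


def listed_networks(rows):
    """Turn (netaddr, netmask) rows into merged, non-overlapping networks."""
    nets = [ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            for addr, mask in rows]
    return list(ipaddress.collapse_addresses(nets))


def panel_allows(client_ip, policy, rows):
    """Would the panel restriction admit this single client address?"""
    ip = ipaddress.ip_address(client_ip)
    listed = any(ip in net for net in listed_networks(rows))
    if policy == "deny":       # "Deny all except listed" (from the answer)
        return listed
    if policy == "allow":      # assumption: allow all except listed
        return not listed
    raise ValueError(f"unknown access_policy: {policy!r}")


def firewall_ranges_refused_by_panel(firewall_cidrs, policy, rows):
    """Ranges the firewall opens but the panel refuses, fully or in part."""
    if policy not in ("deny", "allow"):
        raise ValueError(f"unknown access_policy: {policy!r}")
    nets = listed_networks(rows)
    refused = []
    for cidr in firewall_cidrs:
        fw = ipaddress.ip_network(cidr, strict=False)
        if policy == "deny":
            # After merging, full coverage means being inside one listed net.
            ok = any(fw.subnet_of(net) for net in nets)
        else:
            ok = not any(fw.overlaps(net) for net in nets)
        if not ok:
            refused.append(cidr)
    return refused


if __name__ == "__main__":
    for cidr in firewall_ranges_refused_by_panel(
            FIREWALL_RANGES, ACCESS_POLICY, CP_ACCESS):
        print(f"{cidr}: open in firewall, refused by panel restriction")
```
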